dexto 1.5.6 → 1.5.7

package/dist/cli/auth/oauth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../../src/cli/auth/oauth.ts"],"names":[],"mappings":"AA4CA,UAAU,WAAW;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,WAAW;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAClC,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,IAAI,CAAC,EACC;QACI,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;KAC7B,GACD,SAAS,CAAC;CACnB;AAiQD;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,CA2CjF;AAED;;GAEG;AACH,eAAO,MAAM,oBAAoB,EAAE,WAKlC,CAAC"}

package/dist/cli/auth/oauth.js

@@ -0,0 +1,327 @@
+// packages/cli/src/cli/auth/oauth.ts
+// OAuth flow implementation with local callback server
+//
+// TODO: Add CSRF protection via Device Code Flow (RFC 8628)
+// Current localhost callback pattern lacks CSRF protection. We attempted to add
+// a `state` parameter but Supabase uses `state` internally for its own OAuth CSRF
+// with Google, causing conflicts. The proper solution is Device Code Flow:
+// 1. CLI requests device code from server
+// 2. User visits URL and enters code
+// 3. CLI polls for authorization completion
+// This is what Supabase CLI, GitHub CLI, and others use for secure CLI auth.
+import * as http from 'http';
+import * as url from 'url';
+import * as querystring from 'querystring';
+import chalk from 'chalk';
+import * as p from '@clack/prompts';
+import { logger } from '@dexto/core';
+import { readFileSync } from 'node:fs';
+import { SUPABASE_URL, SUPABASE_ANON_KEY } from './constants.js';
+// Track active OAuth callback servers by port for cleanup
+const oauthStateStore = new Map();
+const DEXTO_LOGO_DATA_URL = (() => {
+    try {
+        const svg = readFileSync(new URL('../assets/dexto-logo.svg', import.meta.url), 'utf-8');
+        return `data:image/svg+xml;base64,${Buffer.from(svg).toString('base64')}`;
+    }
+    catch (error) {
+        logger.warn(`Failed to load Dexto logo asset for OAuth screen: ${error instanceof Error ? error.message : String(error)}`);
+        return '';
+    }
+})();
+const LOGO_FALLBACK_TEXT = DEXTO_LOGO_DATA_URL ? '' : 'D';
+const LOGO_HTML = `<div class="logo">${LOGO_FALLBACK_TEXT}</div>`;
+// Pre-generate HTML strings with logo
+const ERROR_HTML = `${LOGO_HTML}<div class="error-icon">✕</div><h1 class="error-title">Authentication Failed</h1><p>You can close this window and try again in your terminal.</p>`;
+const SUCCESS_HTML = `${LOGO_HTML}<div class="success-icon">✓</div><h1 class="success-title">Login Successful!</h1><p>Welcome to Dexto! You can close this window and return to your terminal.</p>`;
+const NO_DATA_HTML = `${LOGO_HTML}<div class="error-icon">✕</div><h1 class="error-title">No Authentication Data</h1><p>Please try the login process again in your terminal.</p>`;
+// Fixed port for OAuth callback - must match Supabase redirect URL config
+const OAUTH_CALLBACK_PORT = 48102;
+/**
+ * Check if fixed port is available, throw if not
+ */
+function ensurePortAvailable(port) {
+    return new Promise((resolve, reject) => {
+        const server = http.createServer();
+        server.listen(port, () => {
+            server.close(() => resolve(port));
+        });
+        server.on('error', (err) => {
+            if (err.code === 'EADDRINUSE') {
+                reject(new Error(`Port ${port} is already in use. Please close the application using it and try again.`));
+            }
+            else {
+                reject(err);
+            }
+        });
+    });
+}
+/**
+ * Start local HTTP server to receive OAuth callback
+ */
+function startCallbackServer(port, config) {
+    return new Promise((resolve, reject) => {
+        const server = http.createServer(async (req, res) => {
+            try {
+                if (!req.url) {
+                    res.writeHead(400);
+                    res.end('Bad Request');
+                    return;
+                }
+                const parsedUrl = url.parse(req.url, true);
+                if (req.method === 'GET') {
+                    res.writeHead(200, { 'Content-Type': 'text/html' });
+                    res.end(`
+                        <html>
+                        <head>
+                            <meta charset="utf-8" />
+                            <title>Dexto Authentication</title>
+                            <meta name="viewport" content="width=device-width, initial-scale=1.0">
+                            <link href="https://fonts.googleapis.com/css2?family=Geist:wght@400;500;600;700&display=swap" rel="stylesheet">
+                            <style>
+                                * { margin: 0; padding: 0; box-sizing: border-box; }
+                                body {
+                                    font-family: 'Geist', -apple-system, BlinkMacSystemFont, sans-serif;
+                                    background: linear-gradient(135deg, #0f0f0f 0%, #1a1a1a 100%);
+                                    color: #fafafa;
+                                    min-height: 100vh;
+                                    display: flex;
+                                    align-items: center;
+                                    justify-content: center;
+                                    padding: 20px;
+                                }
+                                .container {
+                                    background: #141414;
+                                    border: 1px solid #262626;
+                                    padding: 48px;
+                                    border-radius: 12px;
+                                    box-shadow: 0 8px 32px rgba(0, 0, 0, 0.4);
+                                    max-width: 450px;
+                                    width: 100%;
+                                    text-align: center;
+                                }
+                                .logo {
+                                    width: 240px;
+                                    height: 70px;
+                                    margin: 0 auto 32px;
+                                    background-image: ${DEXTO_LOGO_DATA_URL ? `url("${DEXTO_LOGO_DATA_URL}")` : 'none'};
+                                    background-repeat: no-repeat;
+                                    background-position: center;
+                                    background-size: contain;
+                                    display: flex;
+                                    align-items: center;
+                                    justify-content: center;
+                                    font-size: 28px;
+                                    font-weight: 600;
+                                    color: #4ec9b0;
+                                }
+                                .spinner {
+                                    font-size: 48px;
+                                    margin-bottom: 24px;
+                                    animation: pulse 2s infinite;
+                                }
+                                @keyframes pulse {
+                                    0%, 100% { opacity: 1; }
+                                    50% { opacity: 0.6; }
+                                }
+                                h1 { font-size: 24px; font-weight: 600; margin-bottom: 12px; color: #fafafa; }
+                                p { color: #a1a1aa; font-size: 16px; line-height: 1.5; }
+                                .success-icon { color: #22c55e; font-size: 64px; margin-bottom: 24px; }
+                                .error-icon { color: #dc2626; font-size: 64px; margin-bottom: 24px; }
+                                .success-title { color: #22c55e; }
+                                .error-title { color: #dc2626; }
+                            </style>
+                        </head>
+                        <body>
+                            <div class="container">
+                                ${LOGO_HTML}
+                                <div class="spinner">◐</div>
+                                <h1>Processing Authentication...</h1>
+                                <p>Please wait while we complete your Dexto login.</p>
+                            </div>
+                            <script>
+                            const hashParams = new URLSearchParams(window.location.hash.substring(1));
+                            const urlParams = new URLSearchParams(window.location.search);
+                            const accessToken = hashParams.get('access_token') || urlParams.get('access_token');
+                            const refreshToken = hashParams.get('refresh_token') || urlParams.get('refresh_token');
+                            const expiresIn = hashParams.get('expires_in') || urlParams.get('expires_in');
+                            const error = hashParams.get('error') || urlParams.get('error');
+
+                            if (window.location.hash || window.location.search) {
+                                window.history.replaceState(null, document.title, window.location.pathname);
+                            }
+
+                            if (error) {
+                                fetch('/callback', {
+                                    method: 'POST',
+                                    headers: { 'Content-Type': 'application/json' },
+                                    body: JSON.stringify({ error: error })
+                                }).then(() => {
+                                    document.querySelector('.container').innerHTML = ${JSON.stringify(ERROR_HTML)};
+                                });
+                            } else if (accessToken) {
+                                fetch('/callback', {
+                                    method: 'POST',
+                                    headers: { 'Content-Type': 'application/json' },
+                                    body: JSON.stringify({
+                                        access_token: accessToken,
+                                        refresh_token: refreshToken,
+                                        expires_in: expiresIn ? parseInt(expiresIn) : undefined
+                                    })
+                                }).then(() => {
+                                    document.querySelector('.container').innerHTML = ${JSON.stringify(SUCCESS_HTML)};
+                                });
+                            } else {
+                                document.querySelector('.container').innerHTML = ${JSON.stringify(NO_DATA_HTML)};
+                            }
+                            </script>
+                        </body>
+                        </html>
+                    `);
+                }
+                else if (req.method === 'POST' && parsedUrl.pathname === '/callback') {
+                    let body = '';
+                    const MAX_BODY_SIZE = 10 * 1024; // 10KB - plenty for OAuth tokens
+                    req.on('data', (chunk) => {
+                        if (body.length + chunk.length > MAX_BODY_SIZE) {
+                            req.destroy();
+                            res.writeHead(413);
+                            res.end('Request too large');
+                            return;
+                        }
+                        body += chunk.toString();
+                    });
+                    req.on('end', async () => {
+                        try {
+                            const data = JSON.parse(body);
+                            if (data.error) {
+                                res.writeHead(200);
+                                res.end('OK');
+                                server.close();
+                                reject(new Error(`OAuth error: ${data.error}`));
+                                return;
+                            }
+                            if (data.access_token) {
+                                const userResponse = await fetch(`${config.authUrl}/auth/v1/user`, {
+                                    headers: {
+                                        Authorization: `Bearer ${data.access_token}`,
+                                        apikey: config.clientId,
+                                    },
+                                });
+                                const userData = userResponse.ok ? await userResponse.json() : null;
+                                const result = {
+                                    accessToken: data.access_token,
+                                    refreshToken: data.refresh_token,
+                                    expiresIn: data.expires_in,
+                                    user: userData
+                                        ? {
+                                            id: userData.id,
+                                            email: userData.email,
+                                            name: userData.user_metadata?.full_name ||
+                                                userData.email,
+                                        }
+                                        : undefined,
+                                };
+                                res.writeHead(200);
+                                res.end('OK');
+                                server.close();
+                                resolve(result);
+                            }
+                            else {
+                                res.writeHead(400);
+                                res.end('Missing tokens');
+                                server.close();
+                                reject(new Error('No access token received'));
+                            }
+                        }
+                        catch (_err) {
+                            res.writeHead(400);
+                            res.end('Invalid data');
+                            server.close();
+                            reject(new Error('Invalid callback data'));
+                        }
+                    });
+                }
+                else {
+                    res.writeHead(404);
+                    res.end('Not Found');
+                }
+            }
+            catch (error) {
+                logger.error(`Callback server error: ${error}`);
+                res.writeHead(500);
+                res.end('Internal Server Error');
+                server.close();
+                oauthStateStore.delete(port);
+                reject(error);
+            }
+        });
+        const timeoutMs = 5 * 60 * 1000;
+        const timeoutHandle = setTimeout(() => {
+            server.close();
+            oauthStateStore.delete(port);
+            reject(new Error('Authentication timed out'));
+        }, timeoutMs);
+        const cleanup = () => {
+            clearTimeout(timeoutHandle);
+            oauthStateStore.delete(port);
+        };
+        server.listen(port, 'localhost', () => {
+            logger.debug(`OAuth callback server listening on http://localhost:${port}`);
+        });
+        server.on('close', cleanup);
+        server.on('error', (error) => {
+            cleanup();
+            reject(new Error(`Failed to start callback server: ${error.message}`));
+        });
+    });
+}
+/**
+ * Perform OAuth login flow with Supabase
+ */
+export async function performOAuthLogin(config) {
+    try {
+        const port = await ensurePortAvailable(OAUTH_CALLBACK_PORT);
+        const redirectUri = `http://localhost:${port}`;
+        oauthStateStore.set(port, 'active');
+        logger.debug(`Registered OAuth callback server on port ${port}`);
+        const provider = config.provider || 'google';
+        const authParams = querystring.stringify({
+            redirect_to: redirectUri,
+        });
+        const authUrl = `${config.authUrl}/auth/v1/authorize?provider=${provider}&${authParams}`;
+        const tokenPromise = startCallbackServer(port, config);
+        console.log(chalk.cyan('🌐 Opening browser for authentication...'));
+        try {
+            const { default: open } = await import('open');
+            await open(authUrl);
+            console.log(chalk.green('✅ Browser opened'));
+        }
+        catch (_error) {
+            console.log(chalk.yellow(`💡 Please open manually: ${authUrl}`));
+        }
+        const spinner = p.spinner();
+        spinner.start('Waiting for authentication...');
+        try {
+            const result = await tokenPromise;
+            spinner.stop('Authentication successful!');
+            return result;
+        }
+        catch (error) {
+            spinner.stop('Authentication failed');
+            throw error;
+        }
+    }
+    catch (_error) {
+        throw new Error(`OAuth login failed: ${_error instanceof Error ? _error.message : String(_error)}`);
+    }
+}
+/**
+ * Default Supabase OAuth configuration for Dexto CLI
+ */
+export const DEFAULT_OAUTH_CONFIG = {
+    authUrl: SUPABASE_URL,
+    clientId: SUPABASE_ANON_KEY,
+    provider: 'google',
+    scopes: ['openid', 'email', 'profile'],
+};

package/dist/cli/auth/service.d.ts

@@ -0,0 +1,20 @@
+export interface AuthConfig {
+    /** Supabase access token from OAuth login (optional if using --api-key) */
+    token?: string | undefined;
+    refreshToken?: string | undefined;
+    userId?: string | undefined;
+    email?: string | undefined;
+    expiresAt?: number | undefined;
+    createdAt: number;
+    /** Dexto API key for gateway access (from --api-key or provisioned after OAuth) */
+    dextoApiKey?: string | undefined;
+    dextoKeyId?: string | undefined;
+}
+export declare function storeAuth(config: AuthConfig): Promise<void>;
+export declare function loadAuth(): Promise<AuthConfig | null>;
+export declare function removeAuth(): Promise<void>;
+export declare function isAuthenticated(): Promise<boolean>;
+export declare function getAuthToken(): Promise<string | null>;
+export declare function getDextoApiKey(): Promise<string | null>;
+export declare function getAuthFilePath(): string;
+//# sourceMappingURL=service.d.ts.map

package/dist/cli/auth/service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"service.d.ts","sourceRoot":"","sources":["../../../src/cli/auth/service.ts"],"names":[],"mappings":"AAWA,MAAM,WAAW,UAAU;IACvB,2EAA2E;IAC3E,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAClC,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,mFAAmF;IACnF,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACjC,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CACnC;AAiBD,wBAAsB,SAAS,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAQjE;AAED,wBAAsB,QAAQ,IAAI,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CA4B3D;AAED,wBAAsB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAOhD;AAED,wBAAsB,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC,CAGxD;AAED,wBAAsB,YAAY,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CA4C3D;AAED,wBAAsB,cAAc,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAQ7D;AA8CD,wBAAgB,eAAe,IAAI,MAAM,CAExC"}

package/dist/cli/auth/service.js

@@ -0,0 +1,147 @@
+// packages/cli/src/cli/auth/service.ts
+// Auth storage, token management, and refresh logic
+import chalk from 'chalk';
+import { existsSync, promises as fs } from 'fs';
+import { z } from 'zod';
+import { getDextoGlobalPath, logger } from '@dexto/core';
+import { SUPABASE_URL, SUPABASE_ANON_KEY } from './constants.js';
+const AUTH_CONFIG_FILE = 'auth.json';
+const AuthConfigSchema = z
+    .object({
+    token: z.string().min(1).optional(),
+    refreshToken: z.string().optional(),
+    userId: z.string().optional(),
+    email: z.string().email().optional(),
+    expiresAt: z.number().optional(),
+    createdAt: z.number(),
+    dextoApiKey: z.string().optional(),
+    dextoKeyId: z.string().optional(),
+})
+    .refine((data) => data.token || data.dextoApiKey, {
+    message: 'Either token (from OAuth) or dextoApiKey (from --api-key) is required',
+});
+export async function storeAuth(config) {
+    const authPath = getDextoGlobalPath('', AUTH_CONFIG_FILE);
+    const dextoDir = getDextoGlobalPath('', '');
+    await fs.mkdir(dextoDir, { recursive: true });
+    await fs.writeFile(authPath, JSON.stringify(config, null, 2), { mode: 0o600 });
+    logger.debug(`Stored auth config at: ${authPath}`);
+}
+export async function loadAuth() {
+    const authPath = getDextoGlobalPath('', AUTH_CONFIG_FILE);
+    if (!existsSync(authPath)) {
+        return null;
+    }
+    try {
+        const content = await fs.readFile(authPath, 'utf-8');
+        const config = JSON.parse(content);
+        const validated = AuthConfigSchema.parse(config);
+        if (validated.expiresAt && validated.expiresAt < Date.now()) {
+            // Only remove auth if there's no refresh token available
+            // If refresh token exists, return the expired auth and let getAuthToken() handle refresh
+            if (!validated.refreshToken) {
+                await removeAuth();
+                return null;
+            }
+        }
+        return validated;
+    }
+    catch (error) {
+        logger.warn(`Invalid auth config, removing: ${error}`);
+        await removeAuth();
+        return null;
+    }
+}
+export async function removeAuth() {
+    const authPath = getDextoGlobalPath('', AUTH_CONFIG_FILE);
+    if (existsSync(authPath)) {
+        await fs.unlink(authPath);
+        logger.debug(`Removed auth config from: ${authPath}`);
+    }
+}
+export async function isAuthenticated() {
+    const auth = await loadAuth();
+    return auth !== null;
+}
+export async function getAuthToken() {
+    const auth = await loadAuth();
+    if (!auth) {
+        return null;
+    }
+    const now = Date.now();
+    const fiveMinutes = 5 * 60 * 1000;
+    const isExpiringSoon = auth.expiresAt && auth.expiresAt < now + fiveMinutes;
+    if (!isExpiringSoon) {
+        return auth.token ?? null;
+    }
+    if (!auth.refreshToken) {
+        logger.debug('Token expired but no refresh token available');
+        await removeAuth();
+        return null;
+    }
+    logger.debug('Access token expired or expiring soon, refreshing...');
+    console.log(chalk.cyan('🔄 Access token expiring soon, refreshing...'));
+    const refreshResult = await refreshAccessToken(auth.refreshToken);
+    if (!refreshResult) {
+        logger.debug('Token refresh failed, removing auth');
+        console.log(chalk.red('❌ Token refresh failed. Please login again.'));
+        await removeAuth();
+        return null;
+    }
+    const newExpiresAt = Date.now() + refreshResult.expiresIn * 1000;
+    await storeAuth({
+        ...auth,
+        token: refreshResult.accessToken,
+        refreshToken: refreshResult.refreshToken,
+        expiresAt: newExpiresAt,
+    });
+    logger.debug('Token refreshed successfully');
+    console.log(chalk.green('✅ Access token refreshed successfully'));
+    return refreshResult.accessToken;
+}
+export async function getDextoApiKey() {
+    // Explicit env var takes priority (for CI, testing, account override)
+    if (process.env.DEXTO_API_KEY?.trim()) {
+        return process.env.DEXTO_API_KEY;
+    }
+    // Fall back to auth.json (from `dexto login`)
+    const auth = await loadAuth();
+    return auth?.dextoApiKey || null;
+}
+async function refreshAccessToken(refreshToken) {
+    try {
+        const response = await fetch(`${SUPABASE_URL}/auth/v1/token?grant_type=refresh_token`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                apikey: SUPABASE_ANON_KEY,
+            },
+            body: JSON.stringify({
+                refresh_token: refreshToken,
+            }),
+            signal: AbortSignal.timeout(10_000),
+        });
+        if (!response.ok) {
+            logger.debug(`Token refresh failed: ${response.status}`);
+            return null;
+        }
+        const data = await response.json();
+        if (!data.access_token || !data.refresh_token) {
+            logger.debug('Token refresh response missing required tokens');
+            return null;
+        }
+        logger.debug('Successfully refreshed access token');
+        return {
+            accessToken: data.access_token,
+            refreshToken: data.refresh_token,
+            expiresIn: data.expires_in || 3600,
+        };
+    }
+    catch (error) {
+        logger.debug(`Token refresh error: ${error instanceof Error ? error.message : String(error)}`);
+        return null;
+    }
+}
+export function getAuthFilePath() {
+    return getDextoGlobalPath('', AUTH_CONFIG_FILE);
+}

package/dist/cli/commands/auth/index.d.ts

@@ -0,0 +1,4 @@
+export { handleLoginCommand, handleBrowserLogin } from './login.js';
+export { handleLogoutCommand } from './logout.js';
+export { handleStatusCommand } from './status.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/cli/commands/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/cli/commands/auth/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC"}

package/dist/cli/commands/auth/index.js

@@ -0,0 +1,4 @@
+// packages/cli/src/cli/commands/auth/index.ts
+export { handleLoginCommand, handleBrowserLogin } from './login.js';
+export { handleLogoutCommand } from './logout.js';
+export { handleStatusCommand } from './status.js';

package/dist/cli/commands/auth/login.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Handle login command - multiple methods supported
+ */
+export declare function handleLoginCommand(options?: {
+    apiKey?: string;
+    interactive?: boolean;
+}): Promise<void>;
+export declare function handleBrowserLogin(): Promise<void>;
+//# sourceMappingURL=login.d.ts.map

package/dist/cli/commands/auth/login.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../../src/cli/commands/auth/login.ts"],"names":[],"mappings":"AAcA;;GAEG;AACH,wBAAsB,kBAAkB,CACpC,OAAO,GAAE;IACL,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,OAAO,CAAC;CACpB,GACP,OAAO,CAAC,IAAI,CAAC,CAiEf;AAED,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,IAAI,CAAC,CAgCxD"}